Joined: 12 May 2004
|Posted: Sat Mar 17, 2007 12:26 am Post subject: [ GLSA 200703-15 ] PostgreSQL: Multiple vulnerabilities
|Gentoo Linux Security Advisory
Title: PostgreSQL: Multiple vulnerabilities (GLSA 200703-15)
Date: March 16, 2007
Updated: May 28, 2009
PostgreSQL contains two vulnerabilities that could result in a Denial of
Service or unauthorized access to certain information.
PostgreSQL is an open source object-relational database management
Vulnerable: < 8.0.11
Unaffected: >= 8.0.11
Unaffected: >= 7.4.17 < 7.4.18
Unaffected: >= 7.4.16 < 7.4.17
Unaffected: >= 7.3.19 < 7.3.20
Unaffected: >= 7.3.13 < 7.3.14
Unaffected: >= 7.3.21 < 7.3.22
Unaffected: >= 7.4.19 < 7.4.20
Architectures: All supported architectures
PostgreSQL does not correctly check the data types of the SQL function
arguments under unspecified circumstances nor the format of the
provided tables in the query planner.
A remote authenticated attacker could send specially crafted queries to
the server that could result in a server crash and possibly the
unauthorized reading of some database content or arbitrary memory.
There is no known workaround at this time.
All PostgreSQL users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose "dev-db/postgresql"
Last edited by GLSA on Mon Feb 11, 2013 4:24 am; edited 4 times in total